Thales eSecurity, a provider of critical information systems, cybersecurity and data security, has announced the results of its "2018 Thales Data Threat Report, Global Edition," issued in conjunction with analyst firm 451 Research. The report finds that digitally transformative technologies are shaping the ways in which organizations conduct business, and are moving them to a data-driven world. According to the report, 94 percent of organizations are using sensitive data in the cloud, big data, the Internet of Things (IoT), blockchain and/or mobile environments.

According to the two companies, digital transformation is driving efficiency and scale, and is making possible new business models that drive growth and profitability. Enterprises are embracing this opportunity by leveraging all that digital technology offers, with adoption at record levels: 42 percent of organizations use more than 50 software-as-a-service (SaaS) applications, 57 percent use three or more infrastructure-as-a-service (IaaS) vendors, 53 percent use three or more platform-as-a-service (PaaS) environments, 99 percent are utilizing big data, 94 are implementing IoT technologies and 91 percent are working on or using mobile payments.

This rush to embrace new environments, the firms report, has created more attack surfaces and new risks for data that need to be offset by data security controls, with the extent and impact of increased threats shown in the levels of data breaches and vulnerability. In 2018, 67 percent of respondents were breached, with 36 percent breached throughout the past year—an increase from 2017's 26 percent. Consequently, 44 percent of respondents said they feel very or extremely vulnerable to data threats.

While times have changed with respect to technological advancements, security strategies have not, the report indicates—in large part, because spending realities do not match up with what works best to protect data. The companies report that 77 percent of respondents cite data-at-rest security solutions as being the most effective at preventing breaches, with network security (75 percent) and data-in-motion (75 percent) following close behind. Nonetheless, 57 percent of respondents are spending the most on endpoint and mobile security technologies, followed by analysis and correlation tools (50 percent). When it comes to protecting data, the gap between perception and reality is apparent, with data-at-rest security solutions at the bottom (40 percent) of IT security spending priorities.

This disconnect is also reflected in organizations' attitudes toward encryption, a key technology with a track record of protecting data, the companies note. While spending decisions do not reflect popularity, respondents express a strong interest in deploying encryption technologies: 44 percent cite encryption as the top tool for increased cloud usage; 35 percent believe encryption is necessary to drive big data adoption—only three points behind the top perceived driver, identity technologies (38 percent), and one point behind the second (improved monitoring and reporting tools, at 36 percent).

Meanwhile, 48 percent cite encryption as the top tool for protecting IoT deployments, and 41 percent as the top tool for protecting container deployments. In addition, encryption technologies top the list of desired data security purchases in the next year, with 44 percent citing tokenization capabilities as the number-one priority, followed by encryption with "bring your own key" capabilities. Encryption is cited as the top tool (42 percent) for meeting new privacy requirements, such as the European Union General Data Protection Regulation (GDPR).

"This year, we found that organizations are dealing with massive change as a result of digital transformation, but this change is creating new attack surfaces and new risks that need to be offset by data security controls," said Garrett Bekkera, the author's report and a principal security analyst for information security at 451 Research, in a prepared statement. "But while times have changed, security strategies have not; security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk. If security strategies aren't equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase."

"From cloud computing, to mobile devices, digital payments and emerging IoT applications, organizations are re-shaping how they do business—and this digital transformation is reliant on data," said Peter Galvin, Thales eSecurity's chief strategy officer, in the prepared statement. "As is borne out by our '2018 Data Threat Report,' we're now at the point where we have to admit that data breaches are the new reality, with over a third of organizations suffering a breach in the past year. In this increasingly data-driven world it is therefore hugely important to take steps to protect that data wherever it is created, shared or stored."

To offset the data breach trend and take advantage of new technologies, the two companies suggest that organizations should, at minimum, adhere to the following practices: leverage encryption and access controls as a primary defense for data, and consider an "encrypt everything" strategy; select data security platform offerings that address multiple use cases to reduce complexity and costs; and implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use.